I Made A Thing Again - GUI Log Search

under Python
4 minute read

A friend of mine at work has been looking for a way to parse logs without using a cli tool, so I very kindly offered to make him one in python as practice. I asked him what he wants and he said “To just get rid of all the extra stuff and show me what I searched for, and to be able to search again from that, in a GUI.”

So okay. I wrote a little python script to do what he asked for our mail logs within the cli in about 15 minutes. I spent the next week trying to figure out how to do that in a GUI.

After slaving away in my free time, running through track after track of HOUR LONG soundtracks on youtube, I have completed the ask with log_parser.exe, a log searching utility written in python3.
Features:

  • Upload any file format including .current, .log, .s, .yaml, .config, you name it. If it’s not text then it just silently refuses to upload.
  • Search and show entire line matches for search results. Search for @gmail.com and you will get all entire lines where @gmail.com is present.
  • Save search results to a new file. You name the file, you name the format.
  • Infinitely resizable window, which means an infinitely resizable search results box.
  • Line wrap and horizontal scrolling so you can go ahead and have 15233 line matches, you can scroll up and down, ctrl+a and ctrl+c to select all and copy if you want.
  • Line count shows for number of matches in the search results. So now you can use it for lots of things, eh? Not just logs.
  • Current file is visible so you know you’re searching the correct log, not that other one, no I mean that other other one from last week that you already searched.
  • Dark mode by default, because you know what time it is.
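The core of the features above (read a file only if it is text, keep whole lines that contain the search term, search again from the previous results, report the match count, save the results) fits in a few functions. The block below is an added example written for this post, not the code from the log_parser repo, and the mail-log lines in it are constructed for illustration; the function and file names are assumptions.

```python
import codecs
import os
import tempfile

# Constructed sample log (not real mail-server output); used only for the demo.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx1 postfix/smtpd[123]: connect from unknown[203.0.113.5]
Jan 10 10:00:02 mx1 postfix/qmgr[456]: 7A1B2C: from=<alice@example.com>, size=1024
Jan 10 10:00:03 mx1 postfix/smtp[789]: 7A1B2C: to=<bob@gmail.com>, status=sent (250 OK)
Jan 10 10:00:04 mx1 postfix/smtp[790]: 7A1B2D: to=<carol@gmail.com>, status=bounced (550 No such user)
Jan 10 10:00:05 mx1 postfix/smtpd[123]: disconnect from unknown[203.0.113.5]
"""


def is_text_file(path, sample_size=8192):
    """Cheap text check on the first bytes: no NUL bytes and valid UTF-8.

    An incremental decoder is used so a multibyte character cut off at the
    end of the sample does not count as a decoding error.
    """
    with open(path, "rb") as f:
        chunk = f.read(sample_size)
    if b"\x00" in chunk:
        return False
    try:
        codecs.getincrementaldecoder("utf-8")().decode(chunk)
    except UnicodeDecodeError:
        return False
    return True


def load_lines(path):
    """Return the file's lines, or None when the file is not text (silent refusal)."""
    if not is_text_file(path):
        return None
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.read().splitlines()


def search(lines, term, case_sensitive=False):
    """Whole-line substring matches, in file order.

    Pass a previous result list back in as `lines` to narrow a search further.
    """
    if case_sensitive:
        return [ln for ln in lines if term in ln]
    needle = term.lower()
    return [ln for ln in lines if needle in ln.lower()]


def save_results(lines, out_path):
    """Write matches one per line and return the count (the 'line count' feature)."""
    with open(out_path, "w", encoding="utf-8") as f:
        f.write("\n".join(lines) + ("\n" if lines else ""))
    return len(lines)


def run_demo():
    """Exercise the pieces end to end on the constructed sample in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        log_path = os.path.join(d, "mail.log")
        bin_path = os.path.join(d, "not_text.bin")
        out_path = os.path.join(d, "gmail_bounces.txt")
        with open(log_path, "w", encoding="utf-8") as f:
            f.write(SAMPLE_LOG)
        with open(bin_path, "wb") as f:  # constructed binary junk, should be refused
            f.write(b"MZ\x90\x00\x03\x00" + bytes(range(256)))

        lines = load_lines(log_path)
        first = search(lines, "@gmail.com")       # all lines mentioning gmail
        second = search(first, "bounced")         # search again from the results
        written = save_results(second, out_path)
        with open(out_path, encoding="utf-8") as f:
            saved = f.read().splitlines()
        return {
            "binary_refused": load_lines(bin_path) is None,
            "first_count": len(first),
            "second_count": len(second),
            "written": written,
            "saved_equals_results": saved == second,
        }


if __name__ == "__main__":
    print(run_demo())
```

The text check deliberately looks only at the first few kilobytes, which is enough to reject an executable or archive that was dragged in by mistake without reading a multi-gigabyte log twice; `errors="replace"` on the real read then keeps a stray bad byte later in the file from aborting the search.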

So yeah, this took what feels like a long time, while also being comparatively very little time from start to finish. Here are some lessons learned…

  1. Can’t reassign a variable defined outside a function from inside it unless it is declared global. Oops.
  2. `with open(str(file)) as name:` is a thing!
  3. Be sure to note good tutorials in code comments. Awesome.
  4. Be sure to save those hex color codes in a multiline comment for later use.
  5. If making a GUI then ALWAYS make a visual mockup in mspaint (or something). Annotate rows and columns.
  6. Expect to handle one new error per day, anything faster than that is just a “nice to have”.
  7. Sometimes it’s really “around the barn” to write a new program but you’ll learn.
  8. Run it through VirusTotal! Because…

After finally finishing error handling, format and colors, and compiling an executable, I shared it with the co-worker.
He promptly downloaded it, and
Cisco Secure Endpoint promptly intercepted and sinkhole’d it.
His hilarious response to receiving the file: “Ummmmm……”
Cisco Secure Endpoint uses Cisco Talos threat intelligence. So, following the instructions at Talos’ Support page, I went ahead and submitted a ticket to get a clean verdict on it. All I needed was a CCO ID and a SHA256. I uploaded the binary to VirusTotal and MetaDefender and found that most AV will not categorize it as malicious. HOWEVER, this accounts for behavioral analysis and not heuristics analysis. Anxiously awaiting a clean verdict!
Update: Talos has decided to leave the verdict unchanged. I’ve looked more into this and I can sign the code but for it to last 2 years I will need to pay $400-600 for a code signing cert. Ew.

Code is hosted here on my github repo, github.com/cpardue/python3/log_parser.
Feel free to review the code and use it for free!
Had lots of fun, 10/10 would do again.
However, keep in mind that I wrote the heart of this script in like 15 minutes.
It would have been 1 minute if I knew anything about programming.
I created an exe that nobody can or will use.
Notepad++ “search and find all in text” works just fine.
The functionality was finished in a few minutes, the GUI took days and days and days.
So the final lesson learned is…

9. $ grep term file > outputfile; less outputfile

logs, python